
CVE-2023-6239 – Incorrect calculation of effective permissions
https://notcve.org/view.php?id=CVE-2023-6239
28 Nov 2023 — Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239 • CWE-281: Improper Preservation of Permissions •

CVE-2023-6189 – Improper Permission Handling in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6189
22 Nov 2023 — Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2023-6117 – M-Files REST API allows Denial of Service
https://notcve.org/view.php?id=CVE-2023-6117
22 Nov 2023 — A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the REST API methods of the M-Files server before 23.11.13156.0, which allows attackers to execute DoS attacks. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117 • CWE-400: Uncontrolled Resource Consumption, CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-5524 – M-Files Web Companion allows Remote Code Execution for some filetypes
https://notcve.org/view.php?id=CVE-2023-5524
20 Oct 2023 — Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-5523 – M-Files Web Companion allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-5523
20 Oct 2023 — Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVE-2023-2325 – Stored XSS Vulnerability in M-Files Classic Web
https://notcve.org/view.php?id=CVE-2023-2325
20 Oct 2023 — Stored XSS vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in users' browsers via a stored HTML document. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-3406 – Path traversal issue in M-Files Classic Web
https://notcve.org/view.php?id=CVE-2023-3406
25 Aug 2023 — Path traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-3425 – CVE-2023-3425: Out-of-Bounds memory read
https://notcve.org/view.php?id=CVE-2023-3425
25 Aug 2023 — Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows an unauthenticated user to read a restricted number of bytes from memory. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425 • CWE-125: Out-of-bounds Read •

CVE-2023-3405 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2023-3405
27 Jun 2023 — Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405 • CWE-248: Uncaught Exception •

CVE-2023-2480 – Elevation of Privilege in M-Files Desktop Client
https://notcve.org/view.php?id=CVE-2023-2480
25 May 2023 — Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allow elevation of privilege via UI extension applications. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480 • CWE-280: Improper Handling of Insufficient Permissions or Privileges, CWE-862: Missing Authorization •